mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-17 02:57:33 -05:00

Limit the number of combining chars per terminal cell.

The previous unlimited system was nicely general, but unfortunately
meant you could easily DoS a PuTTY-based terminal by sending a
printing character followed by an endless stream of identical
combining chars. (In fact, due to accidentally-quadratic linked list
management, you'd DoS it by using up all the CPU even before you got
to the point of making it allocate all the RAM.)

The new limit is chosen to be 32, more or less arbitrarily. Overlong
sequences of combining characters are signalled by turning the whole
character cell into U+FFFD REPLACEMENT CHARACTER.
Simon Tatham
2019-03-01 19:20:12 +00:00
parent b9d0371c47
commit da1c8f15b1
2 changed files with 60 additions and 7 deletions
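
The bounded-cell behaviour the commit message describes, as an added sketch that is not PuTTY's code: the `struct cell` layout, the fixed array (in place of the linked list) and the function names are hypothetical, and treating the limit as 32 stored combining characters, with later ones dropped once the cell has been replaced, is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CC_LIMIT 32            /* value chosen in the commit */
#define REPLACEMENT 0xFFFDu    /* U+FFFD REPLACEMENT CHARACTER */

/* Hypothetical cell: a fixed array makes each append O(1), so a long
 * run of combining chars cannot cause quadratic list walking. */
struct cell {
    uint32_t base;             /* the printing character */
    uint32_t cc[CC_LIMIT];     /* combining chars attached to it */
    size_t ncc;                /* how many are stored */
    int overlong;              /* set once the limit was exceeded */
};

static void cell_set(struct cell *c, uint32_t base) {
    c->base = base;
    c->ncc = 0;
    c->overlong = 0;
}

/* Returns 1 if the combining char was stored, 0 if it was dropped. */
static int cell_add_cc(struct cell *c, uint32_t cc) {
    if (c->overlong)
        return 0;              /* cell already replaced: ignore the rest */
    if (c->ncc == CC_LIMIT) {  /* one too many: signal with U+FFFD */
        c->base = REPLACEMENT;
        c->ncc = 0;
        c->overlong = 1;
        return 0;
    }
    c->cc[c->ncc++] = cc;
    return 1;
}

/* Constructed input: one base char followed by n copies of U+0301.
 * Returns how many combining chars were accepted before any overflow. */
static size_t feed_run(struct cell *c, uint32_t base, size_t n) {
    size_t stored = 0;
    cell_set(c, base);
    for (size_t i = 0; i < n; i++)
        stored += (size_t)cell_add_cc(c, 0x0301u);
    return stored;
}

int main(void) {
    struct cell c;
    size_t ok = feed_run(&c, 'e', 1000000);
    printf("accepted=%zu base=U+%04X stored=%zu\n", ok, (unsigned)c.base, c.ncc);
    return 0;
}
```

Memory and per-character work stay constant however long the run is, which is the property the unlimited linked list lacked.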


@ -359,4 +359,19 @@ unsigned long term_translate(
#define UCSTRUNCATED 0x80000021U /* '!' */
#define UCSINVALID 0x8000002AU /* '*' */
/*
* Maximum number of combining characters we're willing to store in a
* character cell. Our linked-list data representation permits an
* unlimited number of these in principle, but if we allowed that in
* practice then it would be an easy DoS to just squirt a squillion
* identical combining characters to someone's terminal and cause
* their PuTTY or pterm to consume lots of memory and CPU pointlessly.
*
* The precise figure of 32 is more or less arbitrary, but one point
* supporting it is UAX #15's comment that 30 combining characters is
* "significantly beyond what is required for any linguistic or
* technical usage".
*/
#define CC_LIMIT 32
#endif
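
Review bot: the comment above `#define CC_LIMIT 32` explains why a limit exists but not what happens when a cell reaches it, nor whether the 32 counts the base character or only the combining characters that follow it. The commit message says an overlong sequence turns the whole cell into U+FFFD REPLACEMENT CHARACTER; a sentence saying so here would let a reader of this header understand the observable behaviour without locating the enforcement code in the other changed file. It would also help to state the boundary explicitly (is the 32nd or the 33rd combining character the one that triggers replacement), since that is the easiest thing to get off by one when the limit is enforced elsewhere.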